From 104814031656b4e5cd801a088e58680620d5aedc Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 22 Mar 2018 11:49:23 -0400 Subject: [PATCH] add patch fix-offset-overflow-on-32bit-arches-iomap_begin --- fix-offset-overflow-on-32bit-arches-iomap_begin | 46 +++++++++++++++++++++++++ series | 1 + timestamps | 7 ++-- 3 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 fix-offset-overflow-on-32bit-arches-iomap_begin diff --git a/fix-offset-overflow-on-32bit-arches-iomap_begin b/fix-offset-overflow-on-32bit-arches-iomap_begin new file mode 100644 index 00000000..5438daa9 --- /dev/null +++ b/fix-offset-overflow-on-32bit-arches-iomap_begin @@ -0,0 +1,46 @@ +ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin() + +From: Jiri Slaby + +ext4_iomap_begin() has a bug where offset returned in the iomap +structure will be truncated to unsigned long size. On 64-bit +architectures this is fine but on 32-bit architectures obviously not. +Not many places actually use the offset stored in the iomap structure +but one of visible failures is in SEEK_HOLE / SEEK_DATA implementation. +If we create a file like: + +dd if=/dev/urandom of=file bs=1k seek=8m count=1 + +then + +lseek64("file", 0x100000000ULL, SEEK_DATA) + +wrongly returns 0x100000000 on unfixed kernel while it should return +0x200000000. Avoid the overflow by proper type cast. + +Fixes: 545052e9e35a ("ext4: Switch to iomap for SEEK_HOLE / SEEK_DATA") +Signed-off-by: Jiri Slaby +Signed-off-by: Jan Kara +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org # v4.15 +--- + fs/ext4/inode.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index c94780075b04..c07d6456b548 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -3524,7 +3524,7 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, + iomap->flags |= IOMAP_F_DIRTY; + iomap->bdev = inode->i_sb->s_bdev; + iomap->dax_dev = sbi->s_daxdev; +- iomap->offset = first_block << blkbits; ++ iomap->offset = (u64)first_block << blkbits; + iomap->length = (u64)map.m_len << blkbits; + + if (ret == 0) { +-- +2.13.6 + + diff --git a/series b/series index 67546ef4..d0bbcc64 100644 --- a/series +++ b/series @@ -10,6 +10,7 @@ fix-bitmap-init-jbd-conformance protect_disksize_update_in_direct_write_path update-i_disksize-if-direct-write-past-ondisk-size +fix-offset-overflow-on-32bit-arches-iomap_begin #################################################### # unstable patches diff --git a/timestamps b/timestamps index de06a1f2..e8f082a5 100755 --- a/timestamps +++ b/timestamps @@ -42,7 +42,8 @@ touch -d @1519067887 journal-superblock-changes touch -d @1519067887 stable-boundary-undo.patch touch -d @1519067888 add-journal-no-cleanup-option touch -d @1521733285 protect_disksize_update_in_direct_write_path -touch -d @1521733418 series touch -d @1521733499 update-i_disksize-if-direct-write-past-ondisk-size -touch -d @1521733517 status -touch -d @1521733561 timestamps +touch -d @1521733733 series +touch -d @1521733748 status +touch -d @1521733826 fix-offset-overflow-on-32bit-arches-iomap_begin +touch -d @1521733830 timestamps -- 2.11.4.GIT